
google-github-actions/get-gke-credentials failed with: required "container.clusters.get" permission(s)

Thread starter: Tim Hardy (Guest)

The action is failing with the following error... "google-github-actions/get-gke-credentials failed with: required "container.clusters.get" permission(s)". I'm not using a service account.

I'm using the “Direct Workload Identity Federation” option as described by the google-github-actions/auth action. I also created my Workload Identity Pool and Provider according to their instructions. All of the help I'm reading talks about service accounts, but the auth action is clear that the "Direct Workload Identity Federation" option does not require a service account.

From the google-github-actions/auth documentation...

Code:
    service_account: (Optional) Email address or unique identifier of the Google Cloud service account for which to impersonate and generate credentials.

    Without this input, the GitHub Action will use Direct Workload Identity Federation

Action YAML

Code:
name: deploy-k8s-manifests

on:
  push:
    branches:
      - dev
    paths:
      - 'k8s/**'

jobs:
  deploy:
    runs-on: ubuntu-latest

    # Add "id-token" with the intended permissions.
    permissions:
      contents: 'read'
      id-token: 'write'

    steps:
      - name: Get code
        uses: actions/checkout@v4

      - name: Authenticate with GCP
        id: 'auth'
        uses: google-github-actions/auth@v2
        with:
          project_id: 'my-project'
          workload_identity_provider: 'projects/299900345299/locations/global/workloadIdentityPools/github/providers/my-provider'

      - name: Get GKE credentials
        id: 'get-credentials'
        uses: google-github-actions/get-gke-credentials@v2
        with:
          cluster_name: 'preprod'
          location: 'us-central1'

      - name: Do anything with kubectl
        run: kubectl get pods

Log output

Code:
Authenticate with GCP
Run google-github-actions/auth@v2
Created credentials file at "/home/runner/work/my-project/my-project/gha-creds-c9c4d62169250d9a.json"

Get GKE credentials
Run google-github-actions/get-gke-credentials@v2
Error: google-github-actions/get-gke-credentials failed with: required "container.clusters.get" permission(s) for "projects/my-project/locations/us-central1/clusters/preprod".

Any help will be greatly appreciated.
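
With Direct Workload Identity Federation there is no service account to hold roles, so the `container.clusters.get` permission named in the error has to be granted to the federated principal itself. The sketch below is an added example, not part of the original post or of the google-github-actions project: it derives that principal from the `workload_identity_provider` value in the workflow and prints a least-privilege binding for review. It assumes the provider maps `attribute.repository` from the GitHub token, and `my-org/my-repo` is a placeholder because the post does not name the repository.

```shell
#!/bin/sh
# Added example. PROJECT and PROVIDER come from the workflow in the post;
# REPO is a placeholder (assumption), replace it with the real owner/repo.
PROJECT='my-project'
PROVIDER='projects/299900345299/locations/global/workloadIdentityPools/github/providers/my-provider'
REPO='my-org/my-repo'

# Build the principalSet member that covers tokens issued to one repository.
# Assumes the provider maps attribute.repository=assertion.repository.
wif_member() {
  local provider repo pool
  provider="$1"
  repo="$2"
  case "$provider" in
    projects/*/locations/global/workloadIdentityPools/*/providers/*) ;;
    *) echo "unexpected provider name: $provider" >&2; return 1 ;;
  esac
  case "$repo" in
    */*) ;;
    *) echo "repository must be owner/name: $repo" >&2; return 1 ;;
  esac
  # The pool resource name is the provider name minus "/providers/<id>".
  pool="${provider%/providers/*}"
  printf 'principalSet://iam.googleapis.com/%s/attribute.repository/%s\n' \
    "$pool" "$repo"
}

# Print (do not run) the binding that grants container.clusters.get through
# roles/container.clusterViewer, scoped to that single repository.
binding_cmd() {
  local project member
  project="$1"
  member="$(wif_member "$2" "$3")" || return 1
  printf "gcloud projects add-iam-policy-binding %s --member='%s' --role='%s'\n" \
    "$project" "$member" 'roles/container.clusterViewer'
}

# Show the command for the values above so it can be reviewed before use.
binding_cmd "$PROJECT" "$PROVIDER" "$REPO"
```

`roles/container.clusterViewer` only covers the credential lookup performed by `get-gke-credentials`; the later `kubectl get pods` step needs its own authorization for the same principal, through a broader GKE IAM role or Kubernetes RBAC.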